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INFORMATION PROCESSOR 

This invention relates to security protection of an 
information processor, especially to a method for 
5 permitting/cancelling a temporary right to use the 

information processor under predetermined conditions. 

Conventionally, on using an information processor, a 
user name and a password are checked to verify the user's 
right to use. 

10 The right to use the information processor may not 

be permitted in a normal status to a special user or 
maintenance engineer who has only a temporary right to 
use the Information processor only under predetermined 
condition, e.g., when an error occurs in the information 

15 processor, or maintenance time. Such a user Is not 

permitted to use the Information processor unless 
indicated by a manager of the Information processor under 
predetermined condition. Or the manager may permit such 
a user's right to use by registering the user 

20 temporarily. 

Another conventional system is used in a service 
processor of the 3090 processor series of IBM, U.S.A. 
According to this system, the password of the user is 
changed automatically for every use, and a new password 

25 is assigned to the user to permit the right to use by the 



1 



manager before every access to the processor. 

As has been described, conventionally, the manager 
of the information processor must always intervene in 
processing to permit the user the temporary right to use 
5 under predetermined condition, even when the password is 

changed automatically for every use such as in the system 
for the service processor of 3090 processor series of 
IBM, U.S.A. 

And the manager must always cancel the temporary 
10 right to use of the user after every processing both when 

the manager permits the user the temporary right to use 
the information processor and when the manager registers 
the user temporarily. If the manager does not cancel the 
temporary right to use, the information processor may be 

15 used improperly. 

This invention is provided to solve the above- 
mentioned problems. 

According to the present invention, there Is 
provided an information processor comprising: 
20 (a) a user directory for registering a user name, a 

user's password and an attribute for a user's right to 
use ; 

(b) directory update means for updating the attribute 
for the right to use of the user directory to permit the 
25 US er the right to use the information processor; and 
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(c) user recognize means for recognizing the user on 
logging in, for judging the user's right to use the 
information processor by referring to the user directory, 
and for updating the user directory to cancel the right 
to use of the user. 

Thus In an information processor of the invention, 
the temporary right to use, permitted to a user under 
predetermined condition, can be canceled automatically or 
can be limited without an intervention of the manager. 

Also, in the information processor of the invention, 
the temporary right to use of a registered user can be 
permitted automatically without the intervention of the 
manager under the predetermined condition. 

Thus, with the invention, the user recognize means 
recognizes the user and updates the user's attribute for 
the right to use registered in the user directory when 
the user logs in, so that the user is not permitted the 
right to use unnecessarily, which prevents the 
information processor from being improperly used. 

The temporary right to use can be cancelled at 
logging-in time of the user, so that the user cannot log 
in unless permitted the right to use once again, which 
prevents the information processor from being improperly 
used. 

The right to use can also be permitted with a time 
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limit, so that the user, who needs a lot of times of log- 
ins to process some work, can work without caring the 
number of log-ins. The load of the manager of the 
information processor can be reduced because he does not 
need to permit the right to use for the temporary user's 

every access. 

The condition to permit the temporary right to use 
to the temporary user can be registered in the condition 
directory, and the condition Judge means can detect the 
fulfillment of the condition to permit the right to use. 

It is also possible for the user to be registered in 
the condition directory to permit the temporary right to 
use under predetermined condition, the right to use can 
be thus permitted to only the specified user 
corresponding to the fulfilled condition. So the right 
to use is not permitted to the user unnecessarily and the 
information processor is prevented from being Improperly 
used. 

The temporary users can be divided into classes and 
the user's class can be registered in the condition 
directory. The temporary right to use can be permitted 
to all the users of the specified class, which enables 
more efficient processing. 

The condition to permit/to cancel the temporary 
right to use can be registered in the condition 



directory, so that the temporary right to use can be 
permitted/cancelled automatically . 

Further, the condition Judge .means can permit the 
temporary right to use and the user recognize means can 
cancel the temporary right to use when the specified 
condition is fulfilled. Thus the temporary right to use 
can be permitted and cancelled automatically. The 
permission or cancellation is done when the user logs in, 
which prevents the information processor from being 
improperly used. 

The invention will be further described by way of 
non-limitative example with reference to the accompanying 
drawings , in which : - 

Fig. 1 shows a general configuration of one 
embodiment according to the invention; 

Figs. 2A and 2B show examples of the user directory; 

Fig. 3 is a flowchart showing the operation of the 
user recognize means; 

Fig. 4 shows another example of the user directory 
according to a second embodiment of the invention; 

Fig. 5 is a flowchart showing the operation of the 
user recognize means according to the second embodiment 
of the invention; 

Fig. 6 shows another example of the user directory 
according to a third embodiment of the invention; 



Fig. 7 is a flowchart showing the operation of the 
user recognize means according to the third embodiment of 

the invention; 

Fig. 8 is a block diagram showing a general 
configuration of a fourth embodiment according to the 
invention; 

Fig. 9 shows an example of the condition directory 
according to the fourth embodiment of the invention; 

Fig. 10 is a flowchart showing the operation of the 
condition Judge means according to the fourth embodiment 
of the invention; 

Fig. 11 shows another example of the condition 
directory according to a fifth embodiment of the 
invention; 

Fig. 12 is a flowchart showing the operation of the 
condition judge means according to the fifth embodiment 

of the invention; 

Fig. 13 shows another example of the condition 
directory according to a sixth embodiment of the 
invention; 

Fig. 14 shows another example of the user directory 
according to the sixth embodiment of the invention; 

Fig. 15 is a flowchart showing the operation of the 
condition judge means according to the sixth embodiment 
of the invention; 
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Fig. 16 shows another example of the condition 
directory according to a seventh embodiment of the 
invention; and 

Fig* 17 is a flowchart showing the operation of the 
condition Judge means according to the seventh embodiment 
of the invention. 

Description of Preferred Embodiments 
Embodiment 1. 

Figs. 1-3 explain one embodiment according to the 
invention, where a temporary right to use an information 
processor is permitted by a manager of the information 
processor, but the right to use is cancelled 
automatically without the intervention of the manager. 
Fig. 1 shows a general configuration of the embodiment. 
In Fig. 1, a terminal 1 is connected to an information 
processor 3 via a communication network 4. A terminal 2 
is located in a maintenance center and is also connected 
to the information processor 3 via the communication 
network 4. When a user tries to log in, a user recognize 
means 5 judges the user's right to use the information 
processor. If the user's right is Judged to be proper, 
the user recognize means 5 permits the user to log in and 
then cancels the user's right to use. The user recognize 
means 5 Judges the user's right to use by referring to a 



user directory 6, where the names and information of the 
users are registered- The manager of the information 
processor 3 updates the user directory 6 by a directory 
update means 7 with a management terminal 8 to permit the 
user the temporary right to use. 

Figs. 2A and 2B show examples of the configuration 
of the user directory 6. In the user directory 6 shown 
in the examples of the figures, an attribute for 
temporary use 63 and an attribute for permission are 
provided as well as names 61 and passwords 62 of the 
users. The attribute for temporary use 63 shows whether 
the user is a temporary user or not. The attribute for 
permission shows whether the temporary user is permitted 
to use the information processor 3 or not. In Fig. 2A, 
the right to use of a temporary user AAA is cancelled. 
In Fig. 2B, the temporary user AAA is permitted the 
temporary right to use. Fig. 3 is a flowchart showing 
the operation of the user recognize means 5. 

Referring to Figs. 2A, 2B and 3, the operation will 
be explained hereinafter. Generally, for example, in 
case an error occurs in the information processor or in 
case of a periodical maintenance, a person In charge of 
repair or maintenance has to be permitted the right to 
use the information processor. Thus, the manager of the 
information processor 3 changes the attribute for 
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permission 64 of a proper temporary user to permission 
under predetermined condition. For example, when an 
error occurs In hardware, a person in charge of the 
hardware diagnosis should be permitted the temporary 
right to use to diagnose the error. If AAA shown in 
Figs. 2A and 2B is permitted the temporary right to use, 
the status of the user directory 6 becomes the status 
shown in Fig. 2B. The manager Informs AAA of the 
hardware error and of the permission of the temporary 
right to use. 

On accessing the Information processor 3 from the 
terminal 1 or the terminal 2 In the maintenance center 
via the communication network 4, a temporary user 
permitted the temporary right to use has to be recognized 
by the user recognize means 5. 

At user's request for accessing, the user recognize 
means 5 demands a user name and a password of the user. 
After the user inputs the name and the password (step S31 
in Fig. 3), the user recognize means 5 recognizes the 
user In the following procedure. 

The user recognize means 5 retrieves the user's 
entry according to a user name 61, namely the name Input 
by the user at step S31, from the user directory 6 (step 
S32). If there exists no user's entry corresponding to 
the user name 61 in the user directory 6 (step S33) , the 
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user is not permitted to use the information processor 
(step S399). If there is corresponding user's entry, 
then the user is judged to be a temporary user or not by 
checking the attribute 63 for temporary use of the 
retrieved user's entry (step S34). If the user is not a 
temporary user, the user is recognized as a constant user 
and the password 62, namely the password input by the 
user at step S31 , is confirmed (step S37) . If the user 
is a temporary user, then the attribute 64 for permission 
is checked (step S35). If the attribute 64 for 
permission shows permission, the attribute 64 is changed 
to refusal (step S36), and then the password 62 of the 
user Is confirmed (step S37) . If the attribute 64 for 
permission shows refusal, the user is refused to use the 
information processor (step S399). 

In the predescribed way, the right to use of the 
temporary user is automatically updated to refusal by the 
user recognize means 5 once the temporary user accesses 
the information processor 3. Accordingly, such a 
temporary user has to be permitted a temporary right to 
use before every access to the Information processor. 
This prevents the information processor from being 
Improperly used. 

In Embodiment 1, the user directory 6 includes the 
attribute 63 for temporary use. This attribute 63 can be 
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eliminated by indicating the constant user. Namely, the 
attribute 64 for permission may be set to show permission 
for constant use besides permission/refusal. In this 
case, the constant user can be indicated by the 
permission for permanent use included in the attribute 64 
for permission. The number of the attributes can be thus 
reduced concerning the right to use. 
Embodiment 2. 

Figs. 4 and 5 explain another embodiment of the 
invention, where the temporary right to use is permitted 
by the manager and the right is automatically canceled 
without an intervention of the manager. In this 
embodiment, the temporary right to use is cancelled 
automatically after the temporary user accesses the 
Information processor predetermined number of times. A 
general configuration of this embodiment is the same as 
Embodiment I shown in Fig. 1. 

Fig. 4 shows an example of the user directory 6 
according to the embodiment. As shown in the figure, the 
user directory 6 includes an attribute 65 for number of 
permissions besides the user name 61 and the password 62. 
The attribute 65 for number of permissions shows how many 
times a user can be permitted a temporary right to use 
the information processor. If the attribute 65 for 
number of permissions is zero, the user cannot be 



permitted the right to use the information processor. If 
the attribute 65 for number of permissions is not zero, 
the user can be permitted the right to use the 
information processor. The constant user having a 
constant right to use is indicated by a negative number 
as the attribute 65. As described above, a binary number 
with plus/minus sign is used for the attribute 65 for 
number of permissions in this Embodiment 2. In Fig. 4, a 
user AAA is a temporary user having refusal for the right 
to use at present, a user BBB is a temporary user having 
permission for the right to use at present, and a user 
CCC is a constant user having a constant right to use. 
Fig. 5 is a flowchart showing the operation of the user 
recognize means 5. 

In the following, this embodiment will be explained 
mainly in relation to different aspects from Embodiment 1 
referring to Figs. 4 and 5. In this embodiment, the 
attribute 65 for number of permissions in the user 
directory 6 is decremented by 1 after every access of the 
temporary user, while the attribute 64 for permission In 
the user directory 6 is updated after every access in 
Embodiment 1. 

The operation of the user recognize means 5 will be 
explained referring to Fig. 5. In the operation of the 
user recognize means 5, the procedure from step S51, 
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where the user name and the password are input, to step 
S53, where the user's entry is retrieved according to the 
user name 61 at step S53, is the same as from step S31 to 
step S33 in Fig. 3 of Embodiment 1. After the user's 
entry is retrieved, the attribute 65 for number of 
permissions of the user is checked (step S54) . If the 
attribute 65 is negative, the user is recognized as a 
constant user and the user's password is confirmed (step 
S54). If the attribute 65 for number of permissions is 
positive, the user is recognized as a temporary user, the 
attribute 65 is decremented by 1 (step S55) and the 
user's password is confirmed (step S56). If the 
attribute 65 is zero, the user is refused to use the 
information processor (step S599), 

As described above, the user recognize means 5 
decreases automatically the number of permissions by 1 at 
every access (log-in) of the user having a positive 
number as the attribute 65 for number of permissions. 
When the attribute 65 for number of permissions becomes 
zero, the user is not permitted to access the information 
processor. Accordingly, a temporary user has to be 
permitted the right to use the Information processor by 
the manager every predetermined number of accesses. This 
prevents the Information processor from being improperly 
used. This embodiment is effective when a certain number 
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of accesses are needed for one purpose, for example, in 
case of the fault diagnosis of the hardware, where a lot 
of times of log-ins are required to diagnose the hardware 
fault. The user does not need to be permitted the right 
to use the information processor every log-in by the 
manager of the information processor according to this 
embodiment . 

The attribute 63 for temporary use may be included 
in the user directory 6 as well as in Embodiment l f 
though the attribute 63 is not included in the user 
directory 6 in Embodiment 2. In this case, a constant 
user is not identified by the attribute 65 for number of 
permissions, but specified by the attribute 63 for 
temporary use. 
Embodiment 3. 

Figs. 6 and 7 show another embodiment, where the 
temporary right to use is permitted by the manager and 
the right is automatically cancelled without an 
intervention of the manager. A general configuration of 
this embodiment is the same as shown in Fig. 1 of 
Embodiment 1. In this embodiment, the temporary right to 
use is cancelled when predetermined length of time has 
passed after permission. 

Fig. 6 shows an example of the user directory 6 
according to Embodiment 3. In this example, the user 
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directory 6 includes an attribute 66 for time limit as 
well as the user name 61 , the password 62, and the 
attribute 63 for temporary use. The attribute 66 for 
time limit shows a time, until when the user's temporary 
right to use is valid. For example, a user AAA in Fig. 6 
has a temporary right to use and his time limit is 
13:54:20 on April 30, 1994. Fig. 7 is a flowchart 
showing the operation of the user recognize means 5 in 
this embodiment. 

The operation of the embodiment will be described 
mainly in relation to different aspects from Embodiment 1 
referring to Figs. 6 and 7. In this embodiment, the 
manager updates the attribute 66 for time limit in the 
user directory 6 by adding predetermined length of time 
to permit a temporary user the right to use the 
information processor, while the attribute 64 for 
permission is updated to permit a temporary user the 
right to use in Embodiment 1. 

In the operation of the user recognize means 5, the 
procedure from step S71, where the user name and the 
password are input, to step S74, where it is checked 
whether the user is a temporary user or not, is the same 
as from step S31 to step S34 in Fig. 3 of Embodiment 1. 
If the user is not a temporary user, the user is 
recognized as a constant user and the user's password is 
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confirmed (step S76). If the user is a temporary user, 
the attribute 66 for time limit is compared with current 
time to check whether the user is permitted to use or not 
(step S75). If the current time is before the time limit 
set by the attribute 66 for time limit, the procedure is 
forwarded to step S76, where the user's password is 
confirmed. If the current time is after the time limit 
set by the attribute 66 for time limit, the user is 
refused to use the information processor (step S799). 

As has been described, in this embodiment, the 
temporary right to use Is permitted to the temporary user 
by the manager, and the right becomes automatically 
invalid after the predetermined length of time has 
passed. The temporary user has to be permitted the right 
to use by the manager for accessing the information 
processor every predetermined length of time. This 
prevents the information processor from being improperly 
used . 

Embodiment 4. 

Figs. 8-10 explain another embodiment, where the 
temporary right to use is automatically permitted to the 
temporary user under predetermined condition. The 
temporary right to use can be automatically cancelled by 
any way of the above three embodiments (Embodiment 1 - 
3). In the following explanation, the temporary right to 
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use is canceled by the way of Embodiment 1. 

Fig. 8 shows a general configuration according to 
Embodiment 4 of the invention. Registers 11 and 12 hold 
events and their values of the condition of the trigger 
for permitting the right to use. In Fig. 8. for example, 
the register 11 holds current time and the register 12 
holds a number of faults. The condition for permitting 
the right to use is registered in a condition directory 
10 corresponding to each event. A condition Judge means 
9 observes occurrence of each event. When an event 
occurs, the condition judge means 9 Judges whether the 
predetermined condition is fulfilled by the event or not 
referring to the condition directory 10. If the 
condition is fulfilled, the condition judge means 9 
permits a proper temporary user the temporary right to 
use by updating the user directory 6. The other elements 
in Fig. 8 operate in the same way as the corresponding 
elements shown in Fig. 1. 

Fig. 9 shows an example of the condition directory 
10. In Fig. 9. variables 71, registered as events in the 
registers 11 and 12, respectively, and their reference 
values 72, and relations 73 between the variables 71 and 
the reference values 72 are registered as the condition. 
And a type of the variables (e.g., number, time, 
character string) is registered as a variable class 77 



17 



for indicating what should be compared to check the 
relation between the variable 71 and the reference value 
72. Fig. 10 is a flowchart showing the operation of the 
condition judge means 9. 

The operation will be explained below referring to 
Figs. 8 - 10. The condition Judge means 9 observes the 
events (variables) registered in the registers 11 and 12 
of the information processor 3 f which are specified in 
the condition directory 10. The condition Judge means 9 
observes the change of the value of the events by 
retrieving a value of the variable periodically, or being 
informed by an interruption when the value changes. In 
Fig. 9, for example, "current time" and "number of 
failures" are registered and observed as the events. 

When the condition Judge means 9 detects the change 
of the value of the variable observed, the condition 
judge means 9 Judges whether the change fulfills the 
condition or not in the procedure shown in the flowchart 
of Fig. 10. At step S101, the condition judge means 9 
obtains the changed variable 71 and its value from the 
register 11 or 12. For example, if the "number of 
failures'* changes, the changed value of the variable is 
read from the register 12. Then, the condition entry 
corresponding to the changed variable is retrieved from 
the condition directory 10 (steps S102, S103). When no 
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condition entry corresponding to the changed variable 
exists (step S103) , the condition Judge means 9 does hot 
operate in the further steps. In this example, the 
second entry of Fig. 9 is selected. Referring to the 
retrieved entry, the variable 71 is compared with the 
corresponding reference value 72, and it is checked 
whether the predetermined relation 73 can be applied or 
not (step S104). When the relation 73 cannot be applied 
to the changed variable and the reference value even if 
there exists the corresponding condition entry (step 
S104) f the condition Judge means 9 neither operates in 
the further steps. 

When the relation 73 can be applied to the changed 
variable and the reference value, the condition Judge 
means 9 updates the user directory 6 (step S105). All 
the users having the attribute 63 for temporary use as 
shown in Figs. 2A and 2B are detected, and the attribute 
64 for permission of all the detected temporary users are 
updated to permission. In case of the second entry shown 
In Fig. 9, when the "number of failures" of the hardware 
exceeds 5, the user directory is updated. Both the 
temporary users AAA and DDD of Figs. 2A and 2B are 
permitted the right to use. 

As has been described, the temporary right to use 
can be permitted to all the temporary users 
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automatically, the intervention of the manager becomes 
thus unnecessary. 

As shown in Fig:. 9, if " current time" is set as the 
condition, the temporary right to use can be permitted to 
a proper temporary user automatically at predetermined 
time. This is effective in case of periodical 
maintenance. It is possible to set various kinds of the 
condition as well as the current time and the number of 
failures , for example, miss-load of initial program, 
lack of source as lack of available memory, load excess 
caused by large number of log-in users, etc. 

The temporary right to use is cancelled by 
recognition of the user with the user recognize means 5 
when the temporary user logs in as described in 
Embodiment 1. The temporary right to use also can be 
cancelled in either way described in Embodiment 2 or 3. 
Embodiment 5. 

Figs. 11 and 12 show another embodiment. In this 
embodiment, the temporary right to use is permitted 
automatically when an event occurs to fulfill the 
predetermined condition. In Fig. 11, an example of the 
configuration of the condition directory is shown 
according to Embodiment 5. A user' 74 Is added to the 
condition directory 10 of Embodiment 4 for specifying a 
proper user to permit the right to use when the condition 



20 



is fulfilled. Fig. 12 Is a flowchart showing the 
operation of the condition Judge means 9. In this 
embodiment, the temporary right to use is permitted only 
to the specified user corresponding to the condition when 
an event occurs to fulfill the condition. A general 
configuration of this embodiment is the same as shown in 
Fig. 8 of Embodiment 4. As well as Embodiment 4, the 
temporary right to use can be cancelled in any way of 
Embodiments 1, 2 and/or 3. In the following explanation, 
the right to use is cancelled in the way described in 
Embodiment 1. 

In the operation of this embodiment is the same from 
the start to step S124 in Fig- 12, where the condition to 
permit the right to use is Judged, as Embodiment 4. When 
the condition is fulfilled, the condition Judge means 9 
updates the user directory 6. A temporary user, 
specified as the user 74 in the condition entry of the 
condition directory 10 corresponding to the fulfilled 
condition, is retrieved from the user directory 6 shown 
in Figs. 2A and 2B (steps S125 and S126). The attribute 
64 for permission of the retrieved user is updated to 
permission (step S127). In Fig. 11, when the number of 
failures (of the hardware) exceeds 5 f the user directory 
is updated to permit only the temporary user DDD of Figs. 
2A and 2B the temporary right to use. The first entry of 
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the condition directory shown in Fig. 11 means the 
temporary right to use is permitted to the temporary user 
AAA of Figs. 2A and 2B at a predetermined time. 

Accordingly, this embodiment enables to permit only 
the specified temporary user the temporary right to use 
correspondingly to the condition fulfilled by the 
occurred event without the intervention of the manager. 

In this embodiment, the temporary right to use is 
cancelled by recognition of the user with the user 
recognize means 5 when the user logs in as described in 
Embodiment 1. 
Embodiment 6. 

Figs. 13 - 15 show another embodiment. In this 
embodiment, the temporary right to use is permitted 
automatically when an event occurs to fulfill the 
predetermined condition. In Fig. 13. an example of the 
configuration of the condition directory is shown 
according to Embodiment 6. A user class 75 Is added to 
the condition directory 10 of Embodiment 4 for specifying 
a class of the temporary user to permit the right to use 
when the condition is fulfilled. In Fig. 14. an example 
of the configuration of the user directory 6 is shown 
according to Embodiment 6. An attribute 67 for class, 
corresponding to the user class 75 in the condition 
directory 10, is added to the user directory 6 of 
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Embodiment 1. Fig. 15 is a flowchart showing: the 
operation of the condition Judge means 9. In this 
embodiment, the temporary right to use is permitted only 
to the specified class of the users automatically. The 
class of the users corresponds to an occurred event when 
the event occurs to fulfill the condition. A general 
configuration of this embodiment is the same as Fig. 8 of 
Embodiment 4. 

As well as Embodiment 4, the temporary right to use 
can be cancelled in any way of Embodiments 1 ( 2 and/or 3. 
In the following explanation, the right to use is 
cancelled in the way described in Embodiment 1. 

In the operation of this embodiment Is the same from 
the start to step S154 in Fig. 15, where the condition to 
permit the right to use is Judged, as Embodiment 4. 

When the condition is fulfilled, the condition judge 
means 9 updates the user directory 6. A temporary user, 
who has the attribute 67 for class matching the user 
class 75 of the condition entry corresponding to the 
condition, is retrieved from the user directory 6 (steps 
S155 and S156). The attribute 64 for permission of the 
retrieved user is updated to permission (step S157). In 
Fig. 13, when the number of failures (of the hardware) 
exceeds 5, the user directory Is updated to permit the 
temporary user DDD of class 2 of Fig. 14 the temporary 
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right to use. The first entry of the condition directory 
of Fig. 13 means the temporary right to use is permitted 
to the temporary users AAA and EEE of class 1 shown in 
Fig. 14 at a predetermined time. 

Accordingly, this embodiment enables to permit only 
the temporary users of the class specified in the 
condition entry the temporary right to use automatically 
without the intervention of the manager. In this 
embodiment, the temporary right to use is permitted to a 
group of temporary users corresponding to the condition 
fulfilled by an occurred event, so that the right to use 
can be permitted more flexibly compared with the above 
Embodiments 4 and 5. 

In this embodiment, the temporary right to use Is 
cancelled by recognition of the user with the user 
recognize means 5 when the temporary user logs in as 
described in Embodiment 1. 
Embodiment 7. 

Figs. 16 and 17 show another embodiment. In this 
embodiment, when an event occurs to fulfill the 
predetermined condition, the temporary right to use Is 
permitted to the temporary users of the specified user 
class corresponding to the condition automatically. And 
the temporary right to use of the users of the specified 
user class is cancelled automatically when another event 
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occurs to fulfill another predetermined condition. Fig. 
16 shows the condition directory according to this 
embodiment. As shown in Fig. 16, the user class 75 and 
an attribute 76 for operation are added to the condition 
directory 10 of Embodiment 4. The user class 75 
specifies a group of temporary users to permit or to 
cancel the right to use when an event occurs to fulfill 
the condition. The attribute 76 for operation shows 
permitting/cancelling the right to use. Fig. 17 is a 
flowchart showing the operation of the condition judge 
means 9. In this embodiment, the user directory is the 
same as Embodiment 6. A general configuration of this 
embodiment is the same as Embodiment 4 shown in Fig. 8. 

In the operation of this embodiment is the same from 
the start to step S174, where the condition to permit the 
right to use is Judged, as Embodiment 4. 

The condition judge means 9 observes the variables 
and obtains a changed variable and its value when the 
variable changes (step S171). For example, the number of 
failures changes, the changed value is read from the 
predetermined position (the register 12). The condition 
Judge means 9 retrieves the condition entry corresponding 
to this changed variable from the condition directory 10 
(steps S172. S173). In an example of Fig. 16, a third 
entry and a fourth entry are retrieved. If there is a 
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condition entry corresponding to the changed variable, 
the variable 71 is compared with the corresponding 
reference value 72 to check whether the predetermined 
relation 73 can be applied or not (step S174). If no 
condition entry exists corresponding to the changed 
variable, the condition Judge means 9 does not operate. 
Neither the condition judge means 9 operates if the 
predetermined relation 73 cannot be applied even when 
there exists a corresponding condition entry. 

When the relation 73 can be applied between the 
changed variable 71 and the reference value 72, the 
condition judge means 9 updates the user directory 6. 
The condition judge means 9 retrieves the user, who has 
the attribute 67 for class matching the user class 75 of 
the entry corresponding to the condition specified in the 
condition directory 10. from the user directory 6 shown 
in Fig. 14 (steps S175. S176). If the attribute 76 for 
operation of the condition entry corresponding to the 
fulfilled condition is "permit" (step S177). the 
attribute 64 for permission of the user is changed to 
permission (step S178). If the attribute 76 for 
operation of the condition entry is "cancel" (step S177) . 
the attribute 64 for permission of the user is changed to 
refusal (step S179). In Fig. 16. for example, the 
"number of failures" of the hardware exceeds 5. the user 
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directory 6 is updated. The temporary right to use is 
permitted to the user DDD having 2 as the attribute 67 
for class shown in Fig. 14. On the contrary, when the 
"number of failures" of the hardware is less than 3, the 
temporary right to use of the user DDD having 2 as the 
attribute 67 for class in Fig. 14 is cancelled. A first 
entry of the condition directory of Fig. 16 means the 
temporary right to use should be permitted to the 
temporary users AAA and EEE having 1 as the attribute 67 
for class in Fig. 14 at a specified time. On the 
contrary, a second entry of the condition directory 6 of 
Fig. 16 means the right to use of the users AAA and EEE 
having 1 as the attribute 67 for class in Fig. 14 should 
be cancelled automatically at a time specified in the 
second entry. 

As has been described, the temporary right to use 
can be permitted to the specified class of the temporary 
users automatically and the temporary right to use can b< 
cancelled automatically, thus the intervention of the 
manager becomes unnecessary. This prevents 
permitting/cancelling the right to use from human error, 
the Information processor thus is not used improperly. 

In this embodiment, the condition to cancel the 
temporary right to use can be specified in detail more 
than the above Embodiments 1-3. A complex condition, 
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for example, "in case the accumulation of using time of 
CPU exceeds 5 minutes", can be specified. This enables 
to manage the system more flexibly. 

This Embodiment 7 is an improved application of 
Embodiment 6. The Embodiment 7 is also applicable to 
Embodiments 4 and 5. Namely, the condition directory 10 
of Fig. 16 is applicable to Embodiment 4, where the right 
to use is permitted to all the temporary users and the 
right to use of all the temporary users is cancelled 
without specifying a group of the users by the user class 
75. Also, the condition. directory 10 of Fig. 16 is 
applicable to Embodiment 5. where the right to use is 
permitted to a temporary user specified by the user 74 of 
the condition directory shown in Fig. 11 and the right to 
use of the specified temporary user Is cancelled 
automatically without specifying a group of the users by 
the user class 75. 

In the above Embodiment 1-7, the user logs in the 
information processor 3 with the terminal 1 or 2. And 
the terminals 1 and 2 are connected to the information 
processor 3 via the communication network 4. These 
embodiments can be applied to another configuration, 
where the terminals are connected directly to the 
information processor 3. 

Having thus described several particular embodiments 
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of the invention, various alterations, modifications, and 
improvements will readily occur to those skilled in the 
art. Accordingly t the foregoing description is by way of 
example only, and the invention is limited only as 
defined in the following claims. 
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CLAIMS 

1. An Information processor comprising: 

(a) a user directory for registering a user name, a 
user's password and an attribute for a user's right to 
use ; 

(b) directory update means for updating the attribute 
for the right to use of the user directory to permit the 
user the right to use the information processor; and 

(c) user recognize means for recognizing the user on 
logging in, for judging the user's right to use the 
Information processor by referring to the user directory, 
and for updating the user directory to cancel the right 
to use of the user. 

2. An information processor according to claim 1, 
wherein the attribute for the user's right to use 
comprises: 

an attribute for temporary use showing whether a 
user is a temporary user or not; and 

an attribute for permission showing whether the user 
is permitted to use the information processor or not. 

3. An information processor according to claim 1 or 2. 
wherein the attribute for the user's right to use 
comprises an attribute for a number of permissions 
showing a number of times the user is permitted to use 
the information processor. 
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4. An information processor according to claim 1 , 2 or 
3. wherein the attribute for the user's right to use 
comprises: 

an attribute for time limit showing time limit until 
when the user is permitted to use the information 
processor . 

5. An information processor comprising: 

(a) a user directory for registering a user name, a 
user's password and an attribute for a user's right to 
use ; 

(b) a condition directory for registering a condition to 
permit a temporary right to use; and 

(c) condition judge means for Judging a fulfillment of 
the condition specified in the condition directory and 
for updating the user directory to permit the user the 
temporary right to use when the condition is fulfilled. 

6. An information processor according to claim 5, 
wherein the condition directory registers a user 
corresponding to the condition to permit the right to use 
the information processor when the condition is 
fulfilled. 

7. An information processor according to claim 5 or 6, 
wherein the condition directory comprises a condition for 
cancelling the user's right to use. 

8. An information processor according to claim 5 , 6 or 
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7, further comprising: 

user recognize means for recognizing the user on 
logging in, for Judging the right to use of the user by 
referring to the user directory, and for updating the 
user directory to cancel the right to use of the user. 

9. An information processor according to any one of the 
preceding claims, 

wherein the attribute for the user's right to use 
comprises an attribute for a user class to permit a user 
of the class the right to use the information processor. 

10. A method of permitting a temporary user a temporary 
right to use an information processor comprising the 
steps of: 

inputting a user name and a password on logging in 
the information processor; 

retrieving a user's entry from a user directory; 

checking the user's entry to determine whether the 
user is permitted to use the information processor; 

updating the user's entry of the user directory to 
cancel the user's temporary right to use for next log-in; 

confirming the password referring to the user 

directory; and 

permitting the user the temporary right to use the 
information processor after the password is confirmed. 

11. A method according to claim 10 further comprising a 
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step of: 

checking the user's entry to determine whether the 
user is a temporary user or not. 

12. A method according to claim 10 or 11 , further 
comprising the steps of: 

checking, after the checking step, a number of 
permissions of the user's entry to determine whether the 
user is permitted to use; and 

decreasing the number of permissions of the user's 
entry in the user directory by 1 when the number of 
permissions is detected as positive. 

13. A method according to claim 10. 11 or 12, further 
comprising a step of: 

comparing, after the checking step, current time 
with a time limit specified in the user directory to 
determine whether the user is permitted to use. 

14. A method of permitting a temporary user a temporary 
right to use an information processor comprising the 
steps of: 

monitoring a variable specified in a condition 
directory ; 

Judging whether or not the variable satisfies a 
condition stored in the condition directory; and 

permitting a temporary user specified in a user 
directory the temporary right to use the information 
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processor when the condition is Judged as fulfilled at 
the Judging step. 

15. A method according to claim 14. further comprising a 
step of: 

updating the user directory to cancel the user's 
right to use the information processor when the user logs 
in. 

16. A method according to claim 14 or 15, further 
comprising a step of: 

retrieving a user's entry corresponding to the 
condition from the user directory after the Judging step. 

17. A method according to any one of claims 10 to 16, 
further comprising a step of: 

retrieving a user's entry of a class corresponding 
to a user class to determine if the user is permitted to 
use the processor. 

18. A method according to claim 16 further comprising a 
step of: 

checking an attribute of the user's entry to 
determine if the user is permitted to use the processor. 

19. An information processor constructed and arranged to 
operate substantially as hereinbefore described with 
reference to and as illustrated in the accompanying 
drawings. 

20. A method of permitting temporary use of an 
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information processor substantially as hereinbefore 
described with reference to and as illustrated in the 
accompanying drawings. 
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Amendments to the claims have been filed as follows 

1. An information processor comprising: 

(a) a user directory for registering a user 
name, a user's password and an attribute for a user'B 

5 right to use; 

(b) directory update means for updating the 
attribute for the right to use of the user directory to 
permit the user the right to use the information 
processor; and 

10 (c) user recognize means for recognizing the 

user on logging in, for judging the user's right to use 
the information processor by referring to the user 
directory, and for updating the user directory 
automatically to cancel the right to use of the user. 

15 2. An information processor according to claim 

1, wherein the attribute for the user's right to use 
comprises : 

an attribute for temporary use showing whether a 
user is a temporary user or not; and 
2o an attribute for permission showing whether the 

user is permitted to use the information processor or not. 

3. An information processor according to claim 
1 or 2, wherein the attribute for the user's right to use 
comprises an attribute for a number of permissions showing 

25 a number of times the user is permitted to use the 
information processor. 

4. An information processor according to claim 
1, 2 or 3, wherein the attribute for the user's right to 
use comprises: 

30 an attribute for time limit showing time limit 

until when the user is permitted to use the information 
processor . 
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5. An information processor comprising: 

(a) a user directory for registering a user 
name, a user's password and an attribute for a user's 
right to use; 

5 (b) a condition directory for registering a 

condition to permit a temporary right to use; and 

(c) condition judge means for judging a 
fulfilment of the condition specified in the condition 
directory and for updating the user directory 
10 automatically to permit the user the temporary right to 
use when the condition is fulfilled. 

6. An information processor according to claim 
5, wherein the condition directory registers a user 
corresponding to the condition to permit the right to use 

15 the information processor when the condition is fulfilled. 

7. An information processor according to claim 
5 or 6, wherein the condition directory comprises a 
condition for cancelling the user's right to use, 

8. An information processor according to claim 
2 0 5, 6 or 7, further comprising: 

user recognize means for recognizing the user on 
logging in, for judging the right to use of the user by 
referring to the user directory, and for updating the user 
directory to cancel the right to use of the user. 

25 9. An information processor according to any 

one of the preceding claims, 

wherein the attribute for the user'B right to 
use comprises an attribute for a user class to permit a 
user of the class the right to use the information 

30 processor. 
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10. A method of permitting a temporary user a 
temporary right to use an information processor comprising 
the steps of: 

inputting a user name and a password on logging 
5 in the information processor; 

retrieving a user's entry from a user directory; 
checking the user's entry to determine whether 
the user is permitted to use the information processor; 

updating the user's entry of the user directory 
10 automatically to cancel the user's temporary right to use 
for next log- in; 

confirming the password referring to the user 

directory; and 

permitting the user the temporary right to use 
15 the information processor after the password is confirmed. 

11. A method according to claim 10 further 
comprising a 



processor automatically when the condition is judged as 
fulfilled at. the judging step. 

15. A method according to claim 14, further 
comprising a step of: 

updating the user directory to cancel the user's 
right to use the information processor when the user logs 

in. 

16. A method according to claim 14 or 15, 
further comprising a step of: 

retrieving a user's entry corresponding to the 
condition from the user directory after the judging step. 

17. A method according to any one of claims 10 
to 16, further comprising a step of: 

retrieving a user's entry of a class 
corresponding to a user class to determine if the user is 
permitted to use the processor. 

18. A method according to claim 16 further 
comprising a step of: 

checking an attribute of the user's entry to 
determine if the user is permitted to use the processor. 

19. An information processor constructed and 
arranged to operate substantially as hereinbefore 
described with reference to and as illustrated in the 
accompanying drawings. 

20. A method of permitting temporary use of an 



